(54) A user-computer interaction method for use by flexibly connectible computer systems

(57) A user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method comprising storing information characterizing each mobile user on an FCCS plug to be borne by that mobile user; and accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the information characterizing the mobile user to perform at least one computer operation.

FIG. 5B
FIELD OF THE INVENTION

[0001] The present invention relates to flexibly connectible computer apparatus and methods for using flexibly connectible hosts.

BACKGROUND OF THE INVENTION

[0002] The USB interface is described in specifications available over the Internet at www.usb.org.
[0003] Firewire technology, also termed "IEEE 1394 technology", is an alternative to USB which also provides flexible connectivity and is described in the IEEE 1394 standard.

[0004] USBHasp is an Aladdin software protection product announced in October 1997, which includes a USB key. USBHasp does not control access of a user to a computer network but rather impedes interaction between software and a computer system by activating a copy of the software only if a USB key corresponding to that copy is plugged into the computer system.
[0005] Conventionally, the only devices which have interacted via USB have been computers, keyboard, monitor, printer, mouse, smart card readers, and biometric readers.

[0006] Conventional devices for providing computerized servicing to a mobile or stationary population of users typically include a smart card reader. The members of the mobile population bear smart cards which are used to interact with the computerized servicing device via the smart card reader.
[0007] A particular disadvantage of smart cards is that they require a smart card reader which is a relatively costly device. Computer hosts which are equipped with a smart card reader are a small subset of the universe of computer hosts because addition of a smart card reader makes the computer considerably more expensive.

[0008] German Patent document DE 19631050 describes an interface converter for a universal serial bus having a module with a processor that changes format and protocol into that of a different bus system.
[0009] Rainbow Technologies, Inc., in a news release dated 17 November 1998, announced USB software protection keys which can also be used as authentication or access control devices. A unique ID number is assigned to each USB key, enabling the key to replace or supplement personal passwords. The unique ID of the USB key makes it useful as a notebook computer security device providing theft deterrence. Other uses for the USB keys include Web access control, client token for Virtual Private Network access, replacement for password generator tokens and storage of credentials, certificates and licenses.

[0010] In a news release dated 19 January 1999, Rainbow Technologies, Inc. announced a new line of USB tokens for VPNs (virtual private networks) which provides end user client authentication to VPNs and enables operator access to secured network equipment. Features of these tokens include "Internet security small enough to fit on a key-ring" and "personalization for the end user". The tokens allow a user to keep personal information in his or her pocket rather than on a hard drive.

[0011] A new "unique per individual" model of its USB based tokens was announced by Rainbow Technologies Inc. on 15 March 1999.
[0012] The disclosures of all publications mentioned in the specification and of the publications cited therein are hereby incorporated by reference.

SUMMARY OF THE INVENTION

[0013] The present invention seeks to provide improved flexibly connectible apparatus and improved methods for using the same.

[0014] There is thus provided, in accordance with a preferred embodiment of the present invention, a user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method including storing information characterizing each mobile user on an FCCS plug to be borne by that mobile user and accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the information characterizing the mobile user to perform at least one computer operation.
[0015] Further in accordance with a preferred embodiment of the present invention, at least one computer operation comprises authentication.

[0016] Also provided, in accordance with another preferred embodiment of the present invention, is an FCCS plug device to be borne by a mobile user, the FCCS plug device including a portable device which mates with a flexibly connectible computer system and comprises a memory and information characterizing the mobile user and stored in the memory accessibly to the flexibly connectible computer system.
[0017] Also provided, in accordance with another preferred embodiment of the present invention, is a population of FCCS plug devices to be borne by a corresponding population of mobile users, the population of FCCS plug devices including a multiplicity of portable devices each of which mates with a flexibly connectible computer system and comprises a memory and information characterizing each mobile user in the population of mobile users and stored, accessibly to the flexibly connectible computer system, in the memory of the FCCS plug device to be borne by the mobile user.
[0018] Additionally provided, in accordance with another preferred embodiment of the present invention, is an FCCS plug device including a mating element operative to mate with a flexibly connectible computer system and a memory connected adjacent the mating element thereby to form a portable pocket-size plug, wherein the memory is accessible to the flexibly connectible computer system via the mating element.
[0019] Also provided, in accordance with another preferred embodiment of the present invention, is an FCCS plug device including a mating element operative to mate with a flexibly connectible computer system and a CPU connected adjacent the mating element thereby to form a portable pocket-size plug, wherein the CPU has a data connection to the flexibly connectible computer system via the mating element.
[0020] Further in accordance with a preferred embodiment of the present invention, the FCCS plug device also comprises a CPU connected adjacent the mating element thereby to form a portable pocket-size plug, wherein the CPU has a data connection to the flexibly connectible computer system via the mating element.

[0021] Still further in accordance with a preferred embodiment of the present invention, at least one computer operation comprises digital signature verification and/or controlling access to computer networks.
[0022] Further in accordance with a preferred embodiment of the present invention, the information characterizing each mobile user comprises sensitive information not stored in the computer system, thereby to enhance confidentiality.

[0023] Also provided, in accordance with another preferred embodiment of the present invention, is a user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method including:

storing confidential information not stored by the flexibly connectible computer systems on an FCCS plug to be borne by an individual user within the population of mobile users; and
accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the confidential information to perform at least one computer operation, thereby to enhance confidentiality.

[0024] Preferably the apparatus also includes a microprocessor operative to receive USB communications from the USB interface, to perform computations thereupon and to provide results of the computations to data storage for encryption and/or for authentication and/or for access control.

[0025] The term "USB port" refers to a port for connecting peripherals to a computer which is built according to a USB standard as described in USB specifications available over the Internet at www.usb.org.

[0026] The term "USB plug" or "USB key" or "USB token" refers to a hardware device whose circuitry interfaces with a USB port to perform various functions.

[0027] The term "smart card" refers to a typically plastic card in which is embedded a chip which interacts with a reader, thereby allowing a mobile bearer of the smart card to interact with a machine in which is inserted a smart card reader, typically with any of a network of machines of this type.
[0028] Also provided in accordance with a preferred embodiment of the present invention is an electronic token, which preferably mates with a flexible-connection providing port such as the USB port of any computer system such as a PC, laptop, palmtop or peripheral. The electronic token preferably does not require any additional reading equipment. The token may authenticate information and/or store passwords or electronic certificates in a token which may be the size of a domestic house key.

[0029] Preferably, when the token is inserted into a flexible connection providing port a highly secure "dual factor authentication" process (e.g. "what you have" plus "what you know") takes place in which (a) the electronic token is "read" by the host PC or network and (b) the user types in his or her personal password for authorization.

[0030] Suitable applications for the electronic token include authentication for VPN, extranet and e-commerce.

[0031] The present invention also seeks to provide improved USB apparatus and improved methods for using the same.

[0032] There is thus provided, in accordance with another preferred embodiment of the present invention, USB key apparatus for interacting with a USB host via a USB port, the USB key apparatus including a portable device configured to fit the USB port, the portable device including a USB interface conveying USB communications to and from a USB host, a protocol translator operative to translate the USB communications from USB protocol into smart card protocol such as an ISO7816 protocol, and from smart card protocol into USB protocol, and a smart card chip operative to perform at least one smart card function such as authentication, encryption, access control and secure memory.
[0033] Also provided, in accordance with another preferred embodiment of the present invention, is USB key apparatus with data storage capabilities, the USB key apparatus including a portable device such as a PCB, configured to fit the USB port, the portable device including a USB interface conveying USB communications to and from a USB host and a data storage unit storing information derived from the USB communications.

BRIEF DESCRIPTION OF THE DRAWINGS

[0034] The present invention will be understood and appreciated from the following detailed description, taken in conjunction with the drawings in which:

Fig. 1 is a simplified block diagram of a USB plug device including a CPU and a non-ISO7816 memory, the USB device being constructed and operative in accordance with a preferred embodiment of the present invention;
Fig. 2 is a simplified block diagram of a USB plug device including a CPU and an ISO7816 memory, the USB device being constructed and operative in accordance with a preferred embodiment of the present invention;
Fig. 3 is an exploded front view of an FCCS plug constructed and operative in accordance with a preferred embodiment of the present invention and implementing the USB plug device of Fig. 1;
Fig. 4 is an exploded view of an FCCS plug constructed and operative in accordance with a preferred embodiment of the present invention and implementing the USB plug device of Fig. 2; and
Figs. 5A - 5B pictorially illustrate a user-computer interaction method provided in accordance with a preferred embodiment of the present invention for use by a population of flexibly connectible computer systems and a population of mobile users.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

[0035] Reference is now made to Fig. 1 which is a simplified block diagram of a flexibly connectible USB plug device including a CPU and a non-ISO7816 memory, the USB device being constructed and operative in accordance with a preferred embodiment of the present invention.

[0036] A particular feature of the USB plug device of Fig. 1 is that it has data storage capabilities and is thus analogous to a memory smart card.
[0037] The USB plug device 10 comprises a PCB 25 which includes a microprocessor or CPU 30 such as a Motorola 6805, Cypress chip or Intel 8051; a USB interface device 40; firmware memory 50 serving the firmware of the microprocessor 30; RAM memory 60 of size sufficient to enable contemplated computations on the part of the microprocessor 30; and user data memory 70 which stores a user's data. Some or all of the USB interface device 40, firmware memory 50 and RAM memory 60 may be within the CPU 30.
[0038] The USB interface device 40 and/or the firmware memory 50 may be integrated inside the microprocessor 30.

[0039] The firmware memory may be any suitable type of memory such as but not limited to ROM, EPROM, EEPROM or FLASH.
[0040] The user data memory 70 typically does not include ISO7816-3 memory and may, for example, comprise any of the following types of memory: I²C, XI²C, 2/3 wire bus, FLASH.

[0041] As shown, the USB plug device 10 is configured to interact with any USB host 20 such as but not limited to a personal computer or Macintosh having a USB port. Key-host interaction is governed by a USB protocol such as the USB protocol described in the USB specifications available over the Internet at www.usb.org. USB packets pass between the USB host 20 and the USB interface chip 40. Each packet typically includes the following components:

a. USB header;

b. Data to be stored/read on the user's data memory 70, plus additional information required by protocols of the memory chip 70, such as but not limited to the address to store/read the data, the length of data to store/read, and CRC checksum;

c. USB footer.

[0042] The flow of data typically comprises the following flow:

[0043] The USB interface chip 40 receives USB packets from the USB host 20, parses the data, and feeds the parsed data to the microprocessor 30. The microprocessor 30 writes the data to, or reads the data from, the firmware memory 50, the RAM 60 or the user's data memory 70, using each memory's protocol.
[0044] In read operation, the microprocessor 30 passes the data to the USB interface chip 40 which wraps the data in USB packet format and passes it to the host 20.

[0045] Fig. 2 is a simplified block diagram of a USB plug device, constructed and operative in accordance with a preferred embodiment of the present invention, which is a one-piece smart card reader and smart card chip preferably providing both secured storage and cryptographic capabilities. The USB plug device of Fig. 2 includes both a CPU and a smart card chip (ICC) memory 170, typically an ISO7816 (T=0/1) protocol-based chip communicating with the CPU 130 using an ISO7816-3 protocol. The apparatus of Fig. 2 is similar to the apparatus of Fig. 1 except that no separate user's data memory 70 is provided. The size of the RAM 160 is typically at least 262 bytes in order to support the ISO 7816-3 T=0 or T=1 protocols.
[0046] Each packet typically includes the following components:

a. USB header;

b. ISO7816-3 T=0/1 protocol packet;
c. USB footer.

[0047] The flow of data in the apparatus of Fig. 2 typically comprises the following flow:
[0048] The USB interface chip 140 gets USB packets from the USB host 120. The USB interface chip 140 parses the data and passes it to the microprocessor 130. The data, which typically comprises an ISO7816-3 T=0/1 formatted packet, is passed by the microprocessor to the smart card 170 using an ISO7816-3 protocol. The microprocessor 130 gets the response from the smart card 170 and puts the data to the USB interface chip 140. The USB interface chip 140 wraps the data in USB packet format and passes it to the host 120.
[0049] A particular advantage of the embodiment of Fig. 2 is that smart card functionality is provided but there is no need for a dedicated reader because the plug 110 is connected directly to a USB socket in the host 120.
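The two packet flows just described, modelled end to end in Python as an added example that is not part of the patent: the Fig. 1 flow (host 20, interface chip 40, microprocessor 30, user data memory 70) carries a read/write command with address, length and CRC; the Fig. 2 flow (host 120, interface chip 140, CPU 130, smart card chip 170) carries an ISO7816 APDU that the plug relays unchanged and returns with the chip's status word. The header and footer markers, the opcodes, the status bytes, the CRC-16 polynomial and the toy chip that answers only READ BINARY are all assumptions made for this example; the page names only a USB header, the payload fields and a USB footer.

```python
"""Added model of the Fig. 1 (memory) and Fig. 2 (smart card) packet flows.
Framing, opcodes, status bytes and the CRC polynomial are constructed for
this example; the patent names only header, payload fields and footer."""
import struct

HEADER = b"\xaaUSB"       # assumed header marker (constructed)
FOOTER = b"END\x55"       # assumed footer marker (constructed)
OP_READ, OP_WRITE = 0x01, 0x02
ST_OK, ST_BAD_CRC, ST_RANGE, ST_BAD_OP = b"\x00", b"\xff", b"\xfe", b"\xfd"


def crc16(data: bytes) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF); the page says only 'CRC checksum'."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = (crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1
            crc &= 0xFFFF
    return crc


def frame(payload: bytes) -> bytes:
    """Interface chip 40/140: wrap a payload as header + length + payload + footer."""
    return HEADER + struct.pack(">H", len(payload)) + payload + FOOTER


def unframe(packet: bytes) -> bytes:
    """Interface chip 40/140: strip the envelope, rejecting a malformed packet."""
    if len(packet) < 10 or packet[:4] != HEADER or packet[-4:] != FOOTER:
        raise ValueError("bad USB framing")
    (length,) = struct.unpack(">H", packet[4:6])
    payload = packet[6:-4]
    if len(payload) != length:
        raise ValueError("length field does not match payload")
    return payload


class MemoryPlug:
    """Fig. 1: microprocessor 30 serving user data memory 70 (non-ISO7816 memory)."""

    def __init__(self, size: int = 256):
        self.mem = bytearray(size)

    def handle(self, packet: bytes) -> bytes:
        payload = unframe(packet)
        if len(payload) < 6:                       # op + addr + len + crc at minimum
            return frame(ST_BAD_OP)
        body, crc = payload[:-2], struct.unpack(">H", payload[-2:])[0]
        if crc16(body) != crc:                     # reject a corrupted command before touching memory
            return frame(ST_BAD_CRC)
        op, addr, length = struct.unpack(">BHB", body[:4])
        if addr + length > len(self.mem):          # bounds check: never read or write past memory 70
            return frame(ST_RANGE)
        if op == OP_WRITE and len(body) == 4 + length:
            self.mem[addr:addr + length] = body[4:]
            return frame(ST_OK)
        if op == OP_READ:
            data = bytes(self.mem[addr:addr + length])
            return frame(data + struct.pack(">H", crc16(data)))
        return frame(ST_BAD_OP)


def memory_command(op: int, addr: int, length: int, data: bytes = b"") -> bytes:
    """Host 20: build op + address + length + data, append the CRC, then frame it."""
    body = struct.pack(">BHB", op, addr, length) + data
    return frame(body + struct.pack(">H", crc16(body)))


def host_write(plug: MemoryPlug, addr: int, data: bytes) -> bool:
    return unframe(plug.handle(memory_command(OP_WRITE, addr, len(data), data))) == ST_OK


def host_read(plug: MemoryPlug, addr: int, length: int) -> bytes:
    reply = unframe(plug.handle(memory_command(OP_READ, addr, length)))
    if len(reply) < 2:
        raise ValueError("plug reported error status %r" % reply)
    data, crc = reply[:-2], struct.unpack(">H", reply[-2:])[0]
    if crc16(data) != crc:
        raise ValueError("corrupted read reply")
    return data


class SmartCardPlug:
    """Fig. 2: CPU 130 relays an ISO7816 APDU to chip 170 and returns its reply unchanged."""

    def __init__(self, file_data: bytes):
        self.chip_file = file_data        # toy chip holding one transparent file (constructed)

    def chip(self, apdu: bytes) -> bytes:
        """Toy ISO 7816-4 chip: supports only READ BINARY (INS B0); Le is taken literally."""
        cla, ins, p1, p2 = apdu[:4]
        if ins == 0xB0:
            offset, le = (p1 << 8) | p2, apdu[4] if len(apdu) > 4 else 0
            return self.chip_file[offset:offset + le] + b"\x90\x00"   # SW1SW2 = success
        return b"\x6d\x00"                                           # SW1SW2 = INS not supported

    def handle(self, packet: bytes) -> bytes:
        return frame(self.chip(unframe(packet)))


def host_apdu(plug: SmartCardPlug, apdu: bytes) -> bytes:
    """Host 120 sees exactly what the chip returned: response data followed by SW1SW2."""
    return unframe(plug.handle(frame(apdu)))
```

The point worth noticing is where each check lives: the envelope (header, length, footer) is validated by the interface chip, while the CRC and the address range are validated by the microprocessor before memory 70 is touched, so a truncated or corrupted packet never results in a partial write. In the Fig. 2 path the plug adds no checks of its own; the status word comes from the chip, exactly as it would through a conventional reader.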

[0050] The invention shown and described herein is particularly useful for computerized systems serving organizations which process sensitive information such as banks, insurance companies, accountants and other commercial organizations, and professional organizations such as medical or legal organizations.
[0051] Conventional computer systems include a computer (comprising a motherboard) and at least one peripheral. The computer has a number of different ports which respectively mate with the ports of the various peripherals. Each port typically can mate with only certain peripherals and not with other peripherals. For example, the keyboard cannot be connected to the computer via the computer's printer port.
[0052] In state of the art computer systems, also termed herein "flexibly connectible computer systems", the computer and the peripherals each include at least one identical port having mating ports on any other computer and any other peripheral such that any peripheral can be selectably connected to any computer or to any other peripheral. Also, a peripheral may be connected to the computer not directly as in conventional systems but rather via another peripheral. There is generally always a port available on one or more connected peripherals in an existing computer system such that another peripheral can generally always be connected to an existing computer system.
[0053] One example of a flexibly connectible computer system is a USB (universal serial bus) system in which the computer and each peripheral includes a USB port. Another example of a flexibly connectible computer system is the recently contemplated Firewire system.

[0054] A "USB plug" is a portable device which mates with a USB system and, as opposed to peripherals which contain mechanical elements, typically comprises only memory and/or CPU and therefore is typically pocket-size. More generally, a USB plug is an example of a plug which can be plugged into a flexibly connectible computer system (FCCS).
[0055] The term "FCCS plug" is used herein to refer to a portable device which mates with a flexibly connectible computer system and, as opposed to peripherals which contain mechanical elements, typically comprises only memory and/or CPU and therefore is typically pocket-size. It is appreciated that because each peripheral connected onto a flexibly connectible computer system typically has at least one port, a flexibly connectible computer system of any configuration typically has at least one vacant port available to interact with an FCCS plug. USB tokens and Rainbow tokens are both examples of FCCS plugs.
[0056] Typically, each of the plurality of computer system units (computer and one or more peripherals) forming a computer system has at least two identical female sockets and these are interconnected by means of male-male cables. In this embodiment the FCCS plug may comprise a male socket. However, it is appreciated that any suitable mating scheme may be employed to mate the computer system units and the FCCS plug of the present invention.
[0057] A known use for FCCS plugs is use in conjunction with software having plug-recognizing capability. Aladdin and Rainbow both market software which is operative only if the host computer system in which a particular software copy resides has plugged into it an FCCS plug which is recognized by the software copy. The Aladdin and Rainbow plugs are not used for authentication.

[0058] Computer systems are often used to receive information characterizing a mobile user, who is one of a population of mobile users, and to process this information. Such information may comprise user identity authentication information, banking information, access rights information etc. Conventionally, this information is stored on a smart card which is borne by the user and is presented to the computer system by him. However this requires the computer system to be equipped with a smart card reader, a special piece of equipment dedicated to reading the smart card.
[0059] According to a preferred embodiment of the present invention, information characterizing a mobile user is stored on an FCCS plug. Particular advantages of this embodiment of the present invention are that the information is easily borne by the user, on a pocket-size substrate, that any flexibly connectible computer system of any configuration is typically capable of interacting with the user via the FCCS plug, and that no dedicated equipment is required by the computer in order to carry out the interactions.

[0060] Reference is now made to Fig. 3 which is an exploded front view of an FCCS plug constructed and operative in accordance with a preferred embodiment of the present invention and implementing the USB key device of Fig. 1. As shown, the FCCS plug of Fig. 3 comprises a housing typically formed of two snap-together planar cover elements 200 and 210, between which reside a USB connector 220 and the PCB 25 of Fig. 1. The USB connector 220 may, for example, comprise a USB PLUG SMT (ACN-0213) device marketed by Aska Technologies Inc., No. 15, Alley 22, Lane 266, Fu Teh 1st Rd., Hsi Chih, Taipei Hsien, Taiwan. The PCB 25 bears the elements 30, 40, 50, 60 and 70 of Fig. 1. Firmware managing the memory 240 may reside on the USB interface controller 230.
[0061] Reference is additionally made to Fig. 4 which is an exploded view of an FCCS plug constructed and operative in accordance with a preferred embodiment of the present invention and implementing the USB key device of Fig. 2. As shown, the FCCS plug of Fig. 4 comprises a housing typically formed of two snap-together planar cover elements 200 and 210, between which reside the USB connector 220 and a PCB 125. The PCB 125 bears the elements 130, 140, 150, 160 and 170 of Fig. 2. Firmware managing the smart card chip 250 may reside on the USB interface controller 230.
[0062] Smart card functionalities which are preferably provided by the FCCS plug of the present invention include:

1. Controlling access to computer networks: Smart card or plug has ID information, network authenticates and allows access on that basis. Authentication may be based upon "what you have", "what you are" e.g. biometric information and "what you know" (e.g. password).
2. Digital signatures or certificates for verifying or authenticating the identity of the sender of a document.
3. Storage of confidential information e.g. medical information. A smart card or plug may store confidential information and interact with a network which does not store the confidential information.

[0063] Figs. 5A - 5B pictorially illustrate a user-computer interaction method provided in accordance with a preferred embodiment of the present invention for use by a population of flexibly connectible computer systems 300 and a population of mobile users. Information characterizing each mobile user, e.g. name and ID, is loaded into the memory of an FCCS plug 310 to be borne by that mobile user, typically via a USB interface controller such as unit 230 of Fig. 3.
[0064] The plug can then be connected to one of the flexibly connectible computer systems and the information characterizing the mobile user employed to perform at least one computer operation typically comprising a conventional smart card functionality such as

[0065] Features of a preferred embodiment of the present invention are now described:

a. The need for enhanced user authentication

[0066]

* Authentication is the basis for any information security system. The ability to authenticate local and remote users is a critical issue for any LAN/Intranet multi-user environment

b. The need for encryption and confidentiality
[0067]

* Content encryption & confidentiality becomes an important issue for both the corporation and the individual users

c. The need for password and Sign-On security

[0068]

* Password security and user password management are key issues for network corporate users. Passwords represent the single most important security concern in any computing environment

[0069] There is a need today for hardware-based PC security tokens

* Sign-On-Key (SOK) is a hardware-based token which seamlessly integrates with Operating Systems & Applications to provide:

- a user authentication key

- a basis for encryption system

- better Sign-On security and enhanced user password management

- Software Security

Authentication - 3 Basic Elements
[0070]

* Something you know -> Password

* Something you have -> Sign-On-Key

* Something you are -> e.g., Bio-metrics

* Assumption: Two out of the above three provide "good-enough" security.

Encryption

[0071]

* The need to encrypt data, files, disks and information flow is evident

* A hardware-based token with cryptographic abilities can enhance security and ease-of-use.

Sign-On - Where are Passwords used?

[0072]

* Log on to your O/S

* Log on to your Network (Local / Remote)

* Log on to the Internet/ISP

* Log on to protected Web pages

* Log on to Group Ware/Communications applications

* Log on to other sensitive password-protected applications

* MS Office & other protected files

* PC Boot protection (BIOS Password)

Sign-On - Major Security Risks
The Sign-On Process

[0073] The Sign-On-Key is a security hardware token, linked by the user to the required applications. Once installed the Sign-On-Key becomes a part of the log-on process. Sign-On-Key provides the user with many security and other functional benefits.

What Can Sign-On-Key Do For a User?
[0074]

* Sign-On Security

- Enhance security & authentication. The Sign-On-Key is required in addition to the user password

* Sign-On Simplicity

- Simplify log-on process and eliminate the need for a password. The Sign-On-Key replaces the password

* Password Automatic Re-verification

- Check for Sign-On-Key periodically

* Single-Sign-On

- One Sign-On-Key replaces several passwords for several applications

* Mobility & Remote Computing

- Sign-On-Key identifies remote users

- Sign-On-Key can be used as a data secure container

- Theft deterrent of mobile PCs

* General Purpose Security Token

- File & data Encryption

- Authentication

- Certificate Key Holder

Sign-On-Key Various Options
[0075]

* Several hardware devices may operate as Sign-On-Keys:

- Sign-On-Key USB - A small key that connects to the new standard USB port. USB ports are becoming the new connectivity standard for PCs and Macintosh

- Sign-On-Key SC - A smart card based Sign-On-Key. Can be used with any standard smart card drive


Sign-On-Key USPs & Advantages
[0076]

* Simple, intuitive, easy to use, attractive token. The key IS the token IS the connector

* Low cost

* High security

* High functionality

- Memory inside token

- Processing power

- Automatic Password Re-verification

- Multi token connectivity

The Agents' solution

Sign-On-Key Architecture

Full Blown System.
Sign On Agents
[0077]

* The Sign-On-Agent is a software interface between the Sign-On-Key and the application.

* The Sign-On-Boot is a special interface for the PC boot password.

* Agents may be provided for:

- OS/Net Ware - e.g., Windows NT, 95/98, 3.x, Novell, Unix

- Group Ware/Mail - e.g. Lotus Notes, Outlook, Eudora.

- Enterprise Applications - e.g., SAP, Baan, MK, Oracle, Magic

- Web Browsers - e.g., Explorer, Navigator
The Most Trivial Agent - Windows NT
[0078]

* The most trivial Agent will replace the Windows Login session

* By doing so Users may gain:

- Windows Login Extra security

- Windows Login simplification (Sign-On-Key replaces password)

Sign-On-Key Web Browsers' Agent/System
[0079]

* Sign-On-Key can be used as an authentication token to monitor access to secured web pages

* Web content providers need to authenticate, manage and provide access to their customers

Sign-On-Key API (SDK)
[0080]

* Sign-On-Key API is the interface level between the Sign-On-Key and 3rd parties' applications

* This API may be published and opened for usage by certification providers, security companies and SSO companies.

* The Sign-On-Key API will also provide encryption & protected memory storage services

* Sign-On-Key API may be PKCS #11 based/compliant

Sign-On-Key As a Secure Container
[0082]

* In addition to unique Key ID, Sign-On-Key will contain personal protected memory area. This memory area can be used for storing sensitive information and Certificates. Authorization IDs/keys like Lotus Notes IDs or new PGP keys can be stored in this memory

* Doing so, Sign-On-Key can be used to increase mobile computing security. Files/IDs are stored in Sign-On-Key instead of disk

Sign-On-Key An Encryption Engine & Sign-On-Key Crypt

[0083]

* Sign-On-Key can be used as an encrypting device

* An encryption API may be provided, e.g., a 100% smart card compatible Sign-On-Key implementation

* Sign-On-Key Crypt is a Data encryption utility based on Sign-On-Key

Sign-On-Key Certification Toolkit

[0084]

* SOK may use PKCS #11 and X.509 and store certificates and/or digital IDs.


The Sign-On Process (No CA)
[0081]

* Installation

- User installs Agents for required applications

- User defines Sign-On Parameters for each application

- User stores Sign-On information in Sign-On-Key

* Sign-On

- Application is started

- Application reaches its Sign-On dialog

- Application communicates with the Sign-On-Key

- Sign-On permission is granted based on Sign-On-Key
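The Installation and Sign-On steps above, together with the "dual factor authentication" of [0029] (token read by the host plus password typed by the user) and the periodic re-verification of [0074], modelled in Python as an added example that is not the product's code. The class and method names, the PBKDF2 password verifier kept in the key's personal protected memory, and the host-side record of the enrolled Key ID are assumptions made for this example; the page states only that Sign-On information is stored in the key and that permission is granted based on the key.

```python
"""Added model of the Sign-On process (constructed; not the product's API).
'What you have' = the enrolled Sign-On-Key's unique Key ID, checked by the
agent on the host. 'What you know' = the user's password, checked against a
salted PBKDF2 verifier that lives only in the key's protected memory."""
import hashlib
import hmac
import os
import secrets
from typing import Optional


def derive(password: str, salt: bytes) -> bytes:
    """Password verifier stored in the key; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class SignOnKey:
    """Token with a unique Key ID and a personal protected memory area."""

    def __init__(self) -> None:
        self.key_id = secrets.token_hex(8)   # unique per key (constructed value)
        self._protected: dict = {}           # one Sign-On record per application
        self.inserted = True                 # models the key being plugged in or pulled

    def store(self, app: str, record: dict) -> None:
        self._protected[app] = record

    def load(self, app: str) -> Optional[dict]:
        if not self.inserted:
            raise LookupError("Sign-On-Key not present")
        return self._protected.get(app)


class SignOnAgent:
    """Software interface between one application and the Sign-On-Key."""

    def __init__(self, app: str) -> None:
        self.app = app
        self.enrolled_key_id: Optional[str] = None   # the key this host expects
        self.session_key_id: Optional[str] = None    # set while a sign-on is live

    def install(self, key: SignOnKey, password: str) -> None:
        """Installation: define Sign-On parameters and store them in the key."""
        salt = os.urandom(16)
        key.store(self.app, {"salt": salt, "verifier": derive(password, salt)})
        self.enrolled_key_id = key.key_id

    def sign_on(self, key: SignOnKey, password: str) -> bool:
        """Sign-On: permission is granted only when both factors check out."""
        if key.key_id != self.enrolled_key_id:      # a different or unenrolled key
            return False
        try:
            record = key.load(self.app)
        except LookupError:                        # key pulled before the dialog finished
            return False
        if record is None:
            return False
        if not hmac.compare_digest(record["verifier"], derive(password, record["salt"])):
            return False
        self.session_key_id = key.key_id
        return True

    def reverify(self, key: SignOnKey) -> bool:
        """Automatic re-verification: the session lives only while the enrolled key stays in."""
        if self.session_key_id is None or not key.inserted or key.key_id != self.session_key_id:
            self.session_key_id = None
            return False
        return True
```

Two agents enrolled against the same key give the Single-Sign-On case of [0074]: one key, several applications, each with its own record in protected memory. Removing the key fails both a fresh sign-on and the periodic re-verification, which is what makes the token, rather than a cached password, the thing the session depends on.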


Sign-On-Key comprises:
[0085]

* Sign-On-Key USB Token

* HASP

* Hardlock

* Initial Sign-On-Key functionality (Unique ID, personal protected memory)

* Sign-On-Key USB extension cable

* Sign-On-Key Smart Card Token

* Sign-On-Key API (PKCS #11 compliant)

* Entrust compatibility/link

* Windows NT Agent

* Navigator and/or Explorer Agent (S/Mime)

* Key Plus Crypt (Beta release)

* Secure Screen Saver

* Initial marketing package

* USB proliferation & Windows 98/NT availability are key issues

* In the US, Germany & Israel all new PCs shipped are USB equipped.

* Section in Early Development stage. Security Dynamics, ActivCard & Vasco control the 1st generation time-based, one-time password or challenge based tokens

* Security vendors will look to expand their market share with second generation integrated smart card offerings which will support cryptography, digital signature storage and processing activity

USB: The Better Connection 

[0086] 

* Almost unlimited port expansion 
* No add-in cards for new peripherals 

- no setting of IRQs, DMAs, etc. 

* One connection type (plug and port) 

- variety of peripherals 

* No more guesswork 

- simple setup, just plug in and go 

USB: The Better Connection 
[0087] 

* Addresses need for speed, multimedia 

- 12 Mb/s, Asynch (bulk) & Isoch (real time) data 

- stereo-quality digital audio 

- high frame-rate video (with compression) 

- high latency applications (force-feedback) 

* No power bricks with many new peripherals 

- USB supplies up to 500mA 

* PC User experience is vastly improved 

- Fewer returns and increased sales potential 

[0088] It is appreciated that USB is only one example of a flexible connectivity standard and the present invention is not intended to be limited to USB. 
[0089] It is appreciated that the software components of the present invention may, if desired, be implemented in ROM (read-only memory) form. The software components may, generally, be implemented in hardware, if desired using conventional techniques. 
[0090] It is appreciated that various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable subcombination. 
[0091] It will be appreciated by persons skilled in the art that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention is defined only by the claims that follow: 
[0092] Where technical features mentioned in any claim are followed by reference signs, these reference signs have been included just for the sole purpose of increasing intelligibility of the claims and accordingly such reference signs do not have any limiting effect on the scope of each element identified by way of example by such reference signs. 

Claims 

1. A user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method comprising: 

storing information characterizing each mobile user on an FCCS plug to be borne by that mobile user; and 

accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the information characterizing the mobile user to perform at least one computer operation. 

2. A method according to claim 1 wherein said at least one computer operation comprises authentication. 

3. An FCCS plug device to be borne by a mobile user, the FCCS plug device comprising: 

a portable device which mates with a flexibly connectible computer system and comprises a memory; and 

information characterizing the mobile user and stored in said memory accessibly to the flexibly connectible computer system. 

4. A population of FCCS plug devices to be borne by a corresponding population of mobile users, the population of FCCS plug devices comprising: 

a multiplicity of portable devices each of which mates with a flexibly connectible computer system and comprises a memory; and 

information characterizing each mobile user in the population of mobile users and stored, accessibly to the flexibly connectible computer system, in the memory of the FCCS plug device to be borne by said mobile user. 

5. An FCCS plug device comprising: 

a mating element operative to mate with a flexibly connectible computer system; and 

a memory connected adjacent said mating element thereby to form a portable pocket-size plug, wherein the memory has a data connection to the flexibly connectible computer system via said mating element. 

6. An FCCS plug device comprising: 

a mating element operative to mate with a flexibly connectible computer system; and 

a CPU connected adjacent said mating element, thereby to form a portable pocket-size plug, wherein the CPU has a data connection to the flexibly connectible computer system via said mating element. 

7. An FCCS plug device according to claim 5 and also comprising a CPU connected adjacent said mating element thereby to form a portable pocket-size plug, wherein the CPU has a data connection to the flexibly connectible computer system via said mating element. 

8. A method according to claim 1 wherein said at least one computer operation comprises digital signature verification. 

9. A method according to claim 2 wherein said at least one computer operation comprises controlling access to computer networks. 

10. A method according to claim 1 wherein said information characterizing each mobile user comprises sensitive information not stored in said computer system, thereby to enhance confidentiality. 

11. A user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method comprising: 

storing confidential information not stored by the flexibly connectible computer systems on an FCCS plug to be borne by an individual user within said population of mobile users; and 

accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the confidential information to perform at least one computer operation, thereby to enhance confidentiality. 

12. USB key apparatus for interacting with a USB host via a USB port, the USB key apparatus comprising: 

a portable device configured to fit the USB port, the portable device comprising: 

a USB interface conveying USB communications to and from a USB host; 

a protocol translator operative to translate the USB communications from USB protocol into smart card protocol and from smart card protocol into USB protocol; and 

a smart card chip operative to perform at least one smart card function. 

13. USB key apparatus according to claim 12 wherein the smart card protocol comprises an ISO 7816 protocol. 

14. USB key apparatus with data storage capabilities, the USB key apparatus comprising: 

a portable device configured to fit a USB port, the portable device comprising: 

a USB interface conveying USB communications to and from a USB host; and 

a data storage unit storing information derived from the USB communications. 

15. Apparatus according to claim 12 wherein the smart card function comprises at least one function selected from the group consisting of secured memory, authentication, encryption and access control. 

16. Apparatus according to claim 14 and also comprising a microprocessor operative to receive said USB communications from the USB interface, to perform computations thereupon and to provide results of the computations to the data storage unit for storage. 


17. A method for interacting with a USB host via a USB port, the method comprising: 

configuring a portable device to fit the USB port; 

conveying USB communications to and from a USB host; 

translating the USB communications from USB protocol into smart card protocol and from smart card protocol into USB protocol; and 

providing a smart card chip operative to perform at least one smart card function. 

18. A method according to claim 17 wherein the smart card protocol comprises an ISO 7816 protocol. 

19. A data storage method comprising: 

configuring a portable device to fit a USB port; 

conveying USB communications to and from a USB host; and 

storing information derived from the USB communications. 

20. A method according to claim 17 wherein the smart card function comprises at least one function selected from the group consisting of secured memory, authentication, encryption and access control. 

21. A method according to claim 19 and also comprising employing a microprocessor to receive said USB communications from the USB interface, to perform computations thereupon and to provide results of the computations to the data storage unit for storage. 
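The USB key apparatus and method claimed above (claims 12, 13, 17 and 18: a USB interface, a protocol translator between USB protocol and smart card protocol, and a smart card chip performing secured memory and authentication functions), simulated as an added example that is not code from the patent. The USB-side framing used here (a 1-byte message type, a 2-byte big-endian length and the payload) is a constructed stand-in and not any real USB class protocol; the card commands VERIFY (INS 0x20) and READ BINARY (INS 0xB0) and the status words 9000, 63Cx, 6982, 6983, 6700 and 6D00 are standard ISO 7816-4. The PIN reference P2=0x80 and the retry limit are assumptions.

```python
"""Added example, not the patent's code: a simulated USB key translating between
a constructed USB framing and ISO 7816-4 APDUs handled by a smart card chip.
The framing is a stand-in; the APDU commands and status words are ISO 7816-4;
the PIN reference (P2=0x80) and the retry limit are assumptions."""

import hmac
import struct

# ---- USB side: constructed framing (not a real USB class protocol) --------
MSG_APDU_CMD = 0x01       # host -> key: payload is a command APDU
MSG_APDU_RSP = 0x81       # key -> host: payload is a response APDU


def usb_frame(msg_type: int, payload: bytes) -> bytes:
    return struct.pack(">BH", msg_type, len(payload)) + payload


def usb_unframe(frame: bytes) -> tuple[int, bytes]:
    if len(frame) < 3:
        raise ValueError("short USB frame")
    msg_type, length = struct.unpack(">BH", frame[:3])
    payload = frame[3:3 + length]
    if len(payload) != length:
        raise ValueError("truncated USB frame")
    return msg_type, payload


# ---- Smart card side: ISO 7816-4 subset -----------------------------------
SW_OK, SW_WRONG_LENGTH, SW_NOT_VERIFIED, SW_PIN_BLOCKED, SW_BAD_INS = (
    0x9000, 0x6700, 0x6982, 0x6983, 0x6D00)


def sw(code: int) -> bytes:
    return code.to_bytes(2, "big")


class SmartCardChip:
    """Smart card functions: PIN authentication guarding a secured memory."""

    def __init__(self, pin: bytes, secured_memory: bytes, max_tries: int = 3):
        self._pin = pin
        self._memory = secured_memory
        self._max_tries = max_tries
        self._tries = max_tries
        self._verified = False

    def process(self, apdu: bytes) -> bytes:
        if len(apdu) < 4:
            return sw(SW_WRONG_LENGTH)
        _cla, ins, p1, p2 = apdu[:4]
        if ins == 0x20:                              # VERIFY
            if self._tries == 0:
                return sw(SW_PIN_BLOCKED)
            lc = apdu[4] if len(apdu) > 4 else 0
            if hmac.compare_digest(apdu[5:5 + lc], self._pin):
                self._verified, self._tries = True, self._max_tries
                return sw(SW_OK)
            self._verified = False
            self._tries -= 1
            return sw(0x63C0 | self._tries)          # 63Cx: x tries remaining
        if ins == 0xB0:                              # READ BINARY
            if not self._verified:
                return sw(SW_NOT_VERIFIED)           # secured memory stays closed
            offset = (p1 << 8) | p2
            le = apdu[4] if len(apdu) > 4 else 0     # Le = 0 means up to 256
            return self._memory[offset:offset + (le or 256)] + sw(SW_OK)
        return sw(SW_BAD_INS)


# ---- The key: protocol translator between USB frames and APDUs ------------
class UsbKey:
    def __init__(self, chip: SmartCardChip):
        self.chip = chip

    def handle(self, frame: bytes) -> bytes:
        """USB frame in -> command APDU to the chip -> response APDU framed out."""
        msg_type, apdu = usb_unframe(frame)
        if msg_type != MSG_APDU_CMD:
            raise ValueError(f"unexpected USB message type {msg_type:#x}")
        return usb_frame(MSG_APDU_RSP, self.chip.process(apdu))


# ---- Host side helpers -----------------------------------------------------
def host_transceive(key: UsbKey, apdu: bytes) -> tuple[bytes, int]:
    """Send one command APDU over the USB transport; return (data, status word)."""
    _, rsp = usb_unframe(key.handle(usb_frame(MSG_APDU_CMD, apdu)))
    return rsp[:-2], int.from_bytes(rsp[-2:], "big")


def verify_apdu(pin: bytes) -> bytes:
    return bytes([0x00, 0x20, 0x00, 0x80, len(pin)]) + pin   # P2=0x80 assumed


def read_binary_apdu(offset: int, length: int) -> bytes:
    return bytes([0x00, 0xB0, offset >> 8, offset & 0xFF, length])
```

The host never touches the secured memory directly: every read goes through the translator to the chip, which answers 6982 until a VERIFY has succeeded and 6983 once the retry counter is spent, so a stolen key yields its contents only to someone who also knows the PIN, and only for a bounded number of guesses.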
